Enterprise software is software designed to satisfy the needs of an organization, e.g., a business, a school, or a government group. Enterprise software can provide business-oriented services such as automated billing, customer relationship management, enterprise resource planning, human resource management, and the like. Graphical User Interfaces (GUIs) for enterprise software are often built for the web using web-based applications, which can heighten the need to prevent unauthorized access and manipulation of data flowing through the web-based applications.
Some conventional web-based applications for enterprise software include a presentation tier and an application tier. The presentation tier is rendered within a web browser on a user device. The application tier is implemented on a server; it executes a series of procedures, e.g., business logic, and returns data to the presentation tier for display in the web browser. The server can communicate with the user device using prearranged Application Programming Interfaces (APIs), e.g., Representational State Transfer (REST) based APIs.
Some enterprise software systems implement controls for preventing unauthorized data access or modification exclusively at the presentation tier. With such an approach, the application tier may be vulnerable because rogue API requests (e.g., from third parties impersonating legitimate application users) can bypass the controls that are implemented at the presentation tier. Some other enterprise software systems provide imprecise, crude, and indiscriminate controls at the application tier in addition to the presentation tier. Accordingly, there exists a need for improved methods, systems, and computer readable media for authorization frameworks for web-based applications.
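As an added illustration of the weakness described above (example code, not from this document): a minimal model of both tiers in which the presentation tier hides actions a role may not perform, a vulnerable application tier trusts that filtering, and a hardened application tier re-checks every request against a per-resource, per-action policy. The session table, roles, and function names are constructed assumptions.

```python
# Added example (not from the patent text): a minimal model of the two
# tiers described above. The presentation tier decides which buttons to
# render; the application tier serves REST-style requests. Names such as
# Request, PERMISSIONS, SESSIONS and handle_request are assumptions.
from dataclasses import dataclass

# Fine-grained application-tier policy: role -> set of (resource, action).
PERMISSIONS = {
    "clerk":   {("invoice", "read")},
    "manager": {("invoice", "read"), ("invoice", "update"), ("invoice", "delete")},
}

# Constructed session store: session token -> (user, role).
SESSIONS = {
    "tok-clerk":   ("alice", "clerk"),
    "tok-manager": ("bob", "manager"),
}

@dataclass(frozen=True)
class Request:
    token: str
    method: str      # REST verb
    path: str        # e.g. "/invoice/42"

METHOD_TO_ACTION = {"GET": "read", "PUT": "update", "DELETE": "delete"}

def presentation_tier_buttons(role):
    """What the browser UI would render: only actions the role may perform."""
    return sorted(a for (r, a) in PERMISSIONS.get(role, set()) if r == "invoice")

def handle_request_ui_only(req):
    """Application tier that trusts the UI to have filtered actions (vulnerable)."""
    if req.token not in SESSIONS:
        return 401
    return 200  # no per-action check: any valid session can delete invoices

def handle_request(req):
    """Application tier that re-checks authorization itself (hardened)."""
    session = SESSIONS.get(req.token)
    if session is None:
        return 401
    _, role = session
    resource = req.path.strip("/").split("/")[0]
    action = METHOD_TO_ACTION.get(req.method)
    if action is None or (resource, action) not in PERMISSIONS.get(role, set()):
        return 403
    return 200
```

A request that the clerk's UI would never issue still reaches the API; only the hardened handler rejects it.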